Reaper IoT botnet 'only partially mobilised'
Report finds up to two million infected devices have yet to be activated
Despite the Reaper botnet receiving widespread coverage over the past few weeks, it seems it's not as powerful as security researchers first thought, as many of its bots are not actually operating to disable networks.
Although there are between 10,000 and 20,000 bots launching attacks, another two million hosts that have the potential to become part of it have for some reason not been launched, according to a report by Arbor Networks.
"Possible explanations include: misidentification due to flaws in the scanning code, scalability/performance issues in the Reaper code injection infrastructure, or a deliberate decision by the Reaper botmasters to throttle back the propagation mechanism," the company said in its analysis of the threat.
It's likely that Reaper may have been created to form part of a booter/stresser service for the Chinese DDoS-for-hire market, according to the report, as deeper research into the botnet's behaviour revealed that some of its code appears to be based upon the more powerful Mirai IoT malware.
"While Reaper is capable of launching SYN-floods, ACK-floods, HTTP floods, and DNS reflection/amplification attacks, it is likely to have other, yet-to-be-determined DDoS attack capabilities, as well," Arbor's Security Engineering & Response Team (ASERT) said in a blog post.
The Reaper botnet was first discovered by Qihoo 360 Netlab last month and since its discovery, it's been adapted to pose a threat to a range of connected devices including IP-based cameras, routers, storage boxes and Wi-Fi points from vendors including D-Link, TP-Link, Avtech, Netgear, MikroTik, Linksys, and Synology.
Netgear released a statement saying it's continuously adapting its firmware and security patches to make sure products are as protected as well as they can be.
"Netgear appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats," it said. "Being proactive rather than reactive to emerging security issues is a fundamental belief at Netgear."
Preparing for long-term remote working after COVID-19
Learn how to safely and securely enable your remote workforceDownload now
Cloud vs on-premise storage: What’s right for you?
Key considerations driving document storage decisions for businessesDownload now
Staying ahead of the game in the world of data
Create successful marketing campaigns by understanding your customers betterDownload now
Solutions that facilitate work at full speedDownload now